G8 Conference
on High-Tec Crime, 22-24 May 2001, TokyoThe draft
Recommendations from the "G8 Conference on High-Tec Crime"
being held in Tokyo (and draft press release reproduced below)
give effect to the extended "International User Requirements"
(as set out in ENFOPOL
29) - which require access
to mobile phones, satellite phones, internet usage and users'
personal details - at the international level.

The draft
Recommendations would allow national law enforcement agencies
to service "foreign preservation instructions" by serving
an interception order on network and services providers through
"expedited approval" even where: "there is no
violation of domestic law".

The meeting is comprised of high-level officials and advisers
from the G8 countries (eg: the G8 Senior Experts Group on Transnational
Organised Crime) and representatives from business. The G8 members
are: US, France, UK, Germany, Italy, Japan, Canada, Russia
and the European Community.G8
- Recommendations on tracing networked communications across
borders

i) Ensure data protection legislation, as implemented,
takes into account public safety and other social values, in
particular by allowing retention and preservation of data important
for network security requirements or law enforcement investigations
or prosecutions, and particularly with respect to the Internet
and other emerging technologies.

ii) Permit domestic law enforcement to serve foreign preservation
instructions to domestic service providers after expedited approval,
with substantive review if required by domestic law through a
domestic judicial or similar order.

iii) Authorise domestic law enforcement, through the execution
of a single domestic judicial or similar order where permitted
by domestic law, expeditiously to preserve or to instruct domestic
service providers expeditiously to preserve existing traffic
data regarding a specific communication whether one or more service
providers were involved in its transmission, and to instruct
the service providers expeditiously to disclose a sufficient
amount of traffic data to enable identification of the service
providers and path through which the communication was transmitted.

iv) Ensure the expeditious preservation of existing traffic data
regarding a specific communication whether one or more service
providers were involved in its transmission, and the expeditious
disclosure of a sufficient amount of traffic data to enable identification
of the service providers and path through which the communication
was transmitted, through the execution of a single domestic judicial
or similar order where permitted by domestic law.

v) Authorise domestic law enforcement to use the mechanisms described
in the prior paragraph to respond to a foreign request, through
expedited mutual assistance, even if there is no violation of
the domestic law of the requested state.

vi) Upon receiving a request from another state to trace a specific
communication, authorise competent authorities, even if there
is no violation of the domestic law of the requested state, to
use mechanisms available under domestic law expeditiously to
preserve all existing domestic data necessary to trace the communication,
notify the requesting state if the communication appears to come
from a third state, and provide sufficient data to the requesting
state so that it may request assistance from the third state.

vii) Authorise domestic law enforcement to trace in real time
specified communications in order to determine their path, origin
or destination, including through multiple providers in a country
, using a single domestic judicial or similar order if permitted
under domestic law.

viii) Authorise domestic law enforcement to use the mechanisms
described in the prior paragraph to respond to a foreign request,
through expedited mutual assistance, even if there is no violation
of the domestic law of the requested state.

ix) Encourage strong user-Level authentication for appropriate
applications, with due regard for technological neutrality and
users' freedom of choice.

x) Allow service providers to retain non-personal data, perhaps
by strongly supporting the adoption of best practice codes by
service providers and service provider associations.

xi) Authorise under domestic law the recording of IP addresses
or other traffic data indicating the destination of a communication
in real-time.

xii) Allow service providers to co-operate with one another through
the sharing of traffic data regarding network fraud and abuse
when necessary to protect immediately a provider's rights and
property , and encourage them to contact law enforcement as soon
as possible.

xiii) Allow service providers to co-operate with one another
through the sharing of non-personal data {concerning [[illegal][harmful]
activity regarding their businesses and services][network fraud
and abuse]}{when necessary to protect a provider's [system][rights
and property].

xiv) Encourage modification of the network architecture to support
strong authentication, with due regard for technological neutrality
and users' freedom of choice.

Tokyo - Senior representatives of the governments and the private
sector from all G8 countries met here this week to continue discussions
on combating high-tech and computer-related crime and the exploitation
of the Internet for criminal purposes. The G8 Govemment/Private
Sector High level Meeting on High-tech Crime was held May from
22 to 24 and was sponsored by the G8's Senior Experts Group on
Transnational Organised Crime, known as the Lyon Group.
1.

2.
Information and communication technology (11) is one of the most
potent forces shaping the Twenty First century.

The economic, social and cultural transformation we are witnessing
promises to be profound. However, constant advancement of IT
also provides criminals with opportunities to abuse such new
technologies to commit crimes. High-tech crime can be committed
through several telecommunications/ computer networks in different
countries in an instant, and directly affects private individuals
as well as companies and countries around the world. It poses
a serious global threat.

In order to combat effectively high-tech crime, international
cooperation is indispensable. The G8 thus has been addressing
this daunting challenge within the framework of the Lyon Group.
Cooperation among governments alone is not sufficient. The partnership
between governments and the private sector is critical and has
been emphasised by G8 Heads of state and government since their
Summit in Birmingham in 1998.

It is against this background that the Lyon Group convened the
first conference of G8 government and private sector representatives
in May 2000 in Paris. At the Paris Conference, G8 government
officials - engaged in a dialogue with representatives from 130
major companies associated with communications and new technologies.
Delegates discussed the ways in which new technologies threatened
the security of communication and computer systems or were being
used for criminal purposes, and explored possible solutions.

At the Kyushu-Okinawa Summit last year, G8 Heads of State and
Government welcomed the results and the momentum created by the
Paris Conference and stressed the need to promote dialogue with
the private sector. The Lyon Group thus convened the Berlin Workshop
in October last year to progress the dialogue. To best complement
the Paris Conference, the majority of the work in Berlin unfolded
in small workshops, and emphasis was placed on reducing impediments
to cooperation and developing practical solutions.

This week's Tokyo Conference was convened to further promote
dialogue with the private sector, following the commitment of
the Heads at the Kyushu-Okinawa Summit, with a view to producing
concrete results.

To achieve this, senior representatives of the governments and
the private sector from all G8 countries (about 200 participants)
met in small project groups to exchange views and opinions on
concrete topics and in plenary to explore cross-cutting issues
and future cooperation between governments and the private sector.

Five project groups examined the issues of i) data retention,
ii) data preservation, iii) protection of e-commerce and user
authentication, iv) prevention and assessment of threat, v) training,
and explored possible solutions that enhance the public interest,
including by protecting public safety , privacy and other social
values and encouraging the growth of e-commerce.

Among the specific work undertaken at the project groups was:

- In relation to data retention, an evaluation of the costs and
priorities in terms of resources, privacy and business opportunity-,
while examining the variety of services, business models and
service providers currently in existence; discussing best practices
for voluntary data retention taking, into account the legal and
technical issues involved

- Concerning data preservation, discussing best practices for
both law enforcement requests for access to or preservation of
data and industry responses to such requests, taking account
of the legal and technical issues involved.

- With respect to protection of e-commerce and user authentication,
defining better business practices for Internet merchants for
protection against fraudulent activities, including: mechanisms
for the exchange of information, authentication of on-line transactions
and identifying the responsibilities of different actors; and
exploring the different kinds of user authentication and which
applications incorporating user authentication are likely to
contribute to the deterrence of crime and increased confidence
in cyberspace.

- As to threat assessment and prevention, discussing appropriate
cooperation among relevant actors regarding -IT security; and
defining; actors, objectives, and mechanisms, including; application
of IT security standards, exchange of information and early warning
systems.

- Regarding training, developing the skill sets necessary to
ensure that individuals involved in the fight against high tech
crime within and across borders are sufficiently knowledgeable
to allow effective investigation.
All the groups engaged in free, frank and practical discussions
with active involvement of participants both from the government
and private sectors. Capitalizing on the work done at the Paris
Conference and the Berlin Workshop, the groups developed concrete
products towards practical solutions [some of which are attached
hereto. ]

4.
5.
After the project group sessions, all the participants met in
plenary . The participants discussed the areas taken up in the
project groups from a wider perspective, and also explored broader
issues, inter alia, future cooperation among relevant actors,
public awareness and outreach to non-G8 countries.

While development of any formal agreement or agreements was not
sought, all parties recognised the value of this dialogue and
the need for it to continue through various mechanisms and fora
as appropriate.

The government-delegates attending the Workshop, after consultation
with private sector representatives, shared the following views:

While IT offers unprecedented opportunities for accessing, sharing
and exchanging information and for economic development, its
abuse is a source of increasing concern for the international
community. The more IT becomes an essential foundation of the
global society, the more crucial it will become to ensure safety
and confidence in cyberspace. Lack of confidence therein may
well endanger the very foundation of the IT -driven society.
In this sense, governments, the private sector, and individual
users all share a joint interest in the fight against high-tech
crime.

In order to secure safety and confidence in cyberspace, it is
necessary to maintain- law enforcement's ability to locate and
identify high-tech criminals and to ensure they can, effectively
prevent online criminality, while respecting privacy, sound development
of industry, and other social values. Needless to say, many solutions
to these challenges call for further development and cooperation
between government and the private sector. Improvement of education
and training opportunities for both public and private sector
parties is also critical.

The Tokyo Conference represents another significant step in the
deepening dialogue between G8 governments and private sector
representatives in these areas, and in turn, in combating high-tech
crime and furthering safety and confidence in cyberspace. We
seek, at the turn of century, the continuing protection of the
prosperity , opportunity, and civil rights of our citizens in
cyberspace.

The results of the Conference reaffirmed the need to-strengthen
further the cooperative relationship between government and the
private sector, and to improve-international cooperation worldwide,
in order to combat high-tech crime.

The outcome of this Conference is expected to enhance discussions
among the G8 Heads who will meet in Genoa in July 2001.

&COPY; Statewatch ISSN 1756-851X.Material may
be used providing the source is acknowledged.Statewatch
does not have a corporate view, nor does it seek to create one,
the views expressed are those of the author. Statewatch is not
responsible for the content of external websites and inclusion
of a link does not constitute an endorsement.